package local.blueheart.data.springdatademo.config;

import local.blueheart.data.springdatademo.security.AuthenticationHandlerImpl;
import local.blueheart.data.springdatademo.service.AppUserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.sql.DataSource;


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {


    @Autowired
    private AppUserDetailService appUserDetailService;

    @Autowired
    private AuthenticationHandlerImpl authenticationHandler;


    /**
     * 配置访问的资源有无要求权限访问
     * @param http
     * @throws Exception
     */
        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/", "/*.html", "/favicon.ico","/assets/**", "/**/*.html", "/**/*.css", "/**/*.js", "/webjars/**", "/swagger-resources/**", "/*/api-docs","/detail/**").permitAll().antMatchers("/auth/**").permitAll()
                .anyRequest().authenticated().and()
                .formLogin().successHandler(authenticationHandler).loginPage("/login").failureUrl("/login?error").permitAll().defaultSuccessUrl("/index.do")
                .and().logout().permitAll();
        http.rememberMe().alwaysRemember(true).key("dataprofile").userDetailsService(appUserDetailService);
        http.headers().cacheControl().and().frameOptions().disable();

    }

    /**
     * 与置认证源、提供者
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * 认证自定的DAO提供者
     * @return
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider(){
        final DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(appUserDetailService);
        authProvider.setPasswordEncoder(encoder());
        return authProvider;
    }

    /**
     * 密码加密算法
     * @return
     */
    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder(11);
    }



}
